Volerion logoVolerion
Volerion logoVolerion

Fortinet FortiSandbox and FortiSandbox PaaS Multiple Versions Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in Fortinet FortiSandbox versions 5.0.0 through 5.0.5, 4.4.0 through 4.4.8, and 4.2 all versions, as well as in FortiSandbox PaaS versions 5.0.0 through 5.0.5, 4.4.0 through 4.4.8, and 4.2 all versions. This vulnerability allows a privileged attacker to execute unauthorized code or commands by sending crafted HTTP requests, leading to a stored cross-site scripting attack.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can upgrade Fortinet FortiSandbox to version 5.0.6 or above, 4.4.9 or above, or migrate to a fixed release for FortiSandbox 4.2. Fortinet FortiSandbox PaaS users should upgrade to version 5.0.6 or above, 4.4.9 or above, or migrate to a fixed release for FortiSandbox PaaS 4.2.

Added: Apr 14, 2026, 4:47 PM
Updated: Apr 14, 2026, 4:47 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
5.4
exploitability
2.8
remediation
7.7
relevance
5.9
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.